A critical system update released on Tuesday (for a vulnerability affecting all OS versions except 64-bit Windows 7) was first reported to be causing the Blue Screen of Death on some XP systems:
Windows Updates Cause BSOD on XP Systems
However, developments throughout the day increasingly indicate that the affected systems are ones suffering from a rootkit infection. The increasingly interesting replies to Brian Krebs's article are quite informative.
One commenter said:
Many of the replies are very informative.
Just a while ago, Krebs posted an update:
Rootkit May Be Culprit in Recent Windows Crashes
Among the replies I found a link to a more technical article (Nov. '09) about this type of rootkit and how it can be removed:
[TDL3 Rootkit] New Rootkit on the loose ...
Kaspersky fans will be happy to hear that one replier, joemessman, was able to detect and remove the rootkit with Kaspersky's TDSSKiller.
He also reported that his testing showed that none of the following were able to detect it:
* F-Secure Blacklight
* RootkitRevealer
* Windows Malicious Software Removal Tool
* ProcessGuard
* Rootkit Hunter (Linux and BSD)
And I found it highly interesting that one replier reported that this rootkit is VM-aware and won't install itself on a virtual machine.